Denyhosts in the ports has a serious bug.. See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244943 see http://www.ossec.net/en/attacking-loganalysis.html#denyhosts Fix: ############################################################# cd /usr/local/lib/python2.4/site-packages/DenyHosts/ FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P<user>.*) .* from (?P<host>.*)""") -FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups""") +FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P<user>.*) .*from (?P<host>.*) not allowed because none of user's groups are listed in AllowGroups$""") FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*fr om (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") #############################################################--vAzVti9cHUDaj5zSEB0xw20yGE3let35DUNthntluzaRCtmB Content-Type: text/plain; name="file.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="file.diff" diff -ruN regex.py.orig1 regex.py #Make change below and /usr/local/etc/rc.d/denyhosts.sh restart How-To-Repeat: see http://www.ossec.net/en/attacking-loganalysis.html#denyhosts
State Changed From-To: open->feedback Awaiting maintainers feedback
Approved the changes. To easier commit new files attached to be put in files directory
State Changed From-To: feedback->open Maintainer approved.
State Changed From-To: open->closed Committed. Thanks!
rafan 2007-06-23 06:35:16 UTC FreeBSD ports repository Modified files: security/denyhosts Makefile Added files: security/denyhosts/files patch-DenyHosts_regex.py Log: - Fix a DoS issue PR: ports/113942 Security: http://www.ossec.net/en/attacking-loganalysis.html#denyhosts Submitted by: David Bestor <freebsd1 at indenial.com> Approved by: Janos Mohacsi <mohacsi at niif.hu> (maintainer) Revision Changes Path 1.8 +1 -0 ports/security/denyhosts/Makefile 1.1 +11 -0 ports/security/denyhosts/files/patch-DenyHosts_regex.py (new) _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"